<?php
class RbacCommand extends CConsoleCommand
{
    private $_authManager;
    public function getHelp()
    {
        $description = "DESCRIPTION\n";
        $description .= ' '."This command generates an initial RBAC authorization hierarchy.\n";
        return parent::getHelp() . $description;
    }

    /**
     * The default action - create the RBAC structure.
     */
    public function actionIndex()
    {
        $this->ensureAuthManagerDefined();
        //provide the oportunity for the use to abort the request
        $message = "This command will create three roles: Owner, Member, and Reader\n";
        $message .= " and the following permissions:\n";
        $message .= "create, read, update and delete user\n";
        $message .= "create, read, update and delete project\n";
        $message .= "create, read, update and delete issue\n";
        $message .= "Would you like to continue?";
        //check the input from the user and continue if
        //they indicated yes to the above question
        if($this->confirm($message))
        {
        //first we need to remove all operations,
        //roles, child relationship and assignments
            $this->_authManager->clearAll();

            //create the lowest level operations for users
            $this->_authManager->createOperation(
                "createUser",
                "create a new user");
            $this->_authManager->createOperation(
                "readUser",
                "read user profile information");
            $this->_authManager->createOperation(
                "updateUser",
                "update a users in-formation");
            $this->_authManager->createOperation(
                "deleteUser",
                "remove a user from a project");

            //create the lowest level operations for projects
            $this->_authManager->createOperation(
                "createProject",
                "create a new project");
            $this->_authManager->createOperation(
                "readProject",
                "read project information");
            $this->_authManager->createOperation(
                "updateProject",
                "update project information");
            $this->_authManager->createOperation(
                "deleteProject",
                "delete a project");

            //create the lowest level operations for issues
            $this->_authManager->createOperation(
                "createIssue",
                "create a new issue");
            $this->_authManager->createOperation(
                "readIssue",
                "read issue information");
            $this->_authManager->createOperation(
                "updateIssue",
                "update issue information");
            $this->_authManager->createOperation(
                "deleteIssue",
                "delete an issue from a project");

            //create the reader role and add the appropriate
            //permissions as children to this role
            $role=$this->_authManager->createRole("reader");
            $role->addChild("readUser");
            $role->addChild("readProject");
            $role->addChild("readIssue");

            //create the member role, and add the appropriate
            //permissions, as well as the reader role itself, as children
            $role=$this->_authManager->createRole("member");
            $role->addChild("reader");
            $role->addChild("createIssue");
            $role->addChild("updateIssue");
            $role->addChild("deleteIssue");

            //create the owner role, and add the appropriate permissions,
            //as well as both the reader and member roles as children
            $role=$this->_authManager->createRole("owner");
            $role->addChild("reader");
            $role->addChild("member");
            $role->addChild("createUser");
            $role->addChild("updateUser");
            $role->addChild("deleteUser");
            $role->addChild("createProject");
            $role->addChild("updateProject");
            $role->addChild("deleteProject");
            //provide a message indicating success
            echo "Authorization hierarchy successfully generated.\n";
        }
        else
            echo "Operation cancelled.\n";
    }

    public function actionDelete()
    {
        $this->ensureAuthManagerDefined();
        $message = "This command will clear all RBAC definitions.\n";
        $message .= "Would you like to continue?";
        //check the input from the user and continue if they indicated
        //yes to the above question
        if($this->confirm($message))
        {
            $this->_authManager->clearAll();
            echo "Authorization hierarchy removed.\n";
        }
        else
            echo "Delete operation cancelled.\n";
    }
    protected function ensureAuthManagerDefined()
    {
        //ensure that an authManager is defined as this is mandatory for creating an auth heirarchy
        if(($this->_authManager=Yii::app()->authManager)===null)
        {
            $message = "Error: an authorization manager, named 'authManager' must be con-figured to use this command.";
            $this->usageError($message);
        }
    }
}

